Monday, August 17, 2020

HPE/Silver Peak - Features by software release

This is a summary of VXOA/ECOS and GMS/Orchestrator software features and the version in which each was added.


Features by VXOA software release


  • ECOS 9.0

• Advanced Segmentation (VRF)
• Secure Shell Access
• Enhanced Multicast Support
• Improved Software Upgrade Stability
• Enhancements to Disabled Subnet Sharing via IP SLA
• Custom Tags in YAML Preconfig
• IPSec Anti-Replay Improvements to support a window size of up to 64K
• Multiple Domain Matches in DNS Cache
• Port Flexibility for Bonding 
• (9.0.2) Enable or Disable Portal WebSocket Connection 
• (9.0.2) Configure Encryption and Hash Algorithms 
• (9.0.2) Subnet Sharing Metric Enhancements 
• (9.0.2) ECMP Support for BGP 
• (9.0.2) Dynamic Subnet Sharing Hold-down Timer 
• (9.0.2) Route Map Enhancements 
• (9.0.2) Added Appliance CPU Stats 
• (9.0.2) Multicast Enhancements 
• (9.0.2) New HTTP Ping Metrics: loss and latency metrics for HTTP ping monitor
• (9.0.2) Enhancements for Cleared and Acknowledged Alarms 
• (9.0.3) Support for Link Aggregation 
• (9.0.3) Show BGP Routes via CLI 
• (9.0.3) Import Management Routes to Routing Table 
• (9.0.3) NSSA Support in OSPF 
• (9.0.3) DSCP Marking per Interface 
• (9.0.3) Source Interface Configuration for DNS 
• (9.0.3) TCP Application Delay Stats for IPFIX 
• (9.0.3) Advanced Segmentation Supported in OSPF 
• (9.0.3) DHCP Support in Advanced Segmentation 
• (9.0.3) Custom CA Certificate Trust Store

  • ECOS 8.3

• Remote IP Logged for TACACS+ and RADIUS
• (8.3.0.4) - The spsadmin account has been removed.
• (8.3.0.4) - Appliances can now be configured to reject self-signed certificates. This feature addresses CVE-2020-12143 and CVE-2020-12144.
• (8.3.0.4) - A new IKE-less seed distribution mechanism is now supported in ECOS. This feature addresses CVE-2020-12142.
• (8.3.0.4) - API changes have been made to restrict traversal of other directories, limiting access to sensitive data.
• (8.3.1.0) - Changes have been made that greatly reduce or eliminate the possibility of a cross-site request forgery (CSRF) on the appliance.
• (8.3.1.0) - Support for 25 Gbps fiber interface cards in the EC-XL appliance.
• (8.3.1.0) - Added a new custom bonding option that performs load-balancing based on tunnel capacity.
• (8.3.1.0) - Added a new link bonding option that supports user-configurable link prioritization and traffic steering/load balancing policies.
• (8.3.1.0) - IPSec anti-replay window protection has been enhanced to support a window size of up to 64K.
• (8.3.1.0) - Traceroute is now supported across stateful-SNAT firewall type, across allow-all type with NAT configured, as well as across EdgeHA links.
• (8.3.1.0) - The Top Applications report now excludes Silver Peak control (non-user) traffic.
• (8.3.1.0) - Ping IPSLA monitor has been enhanced to include loss/latency measurements and thresholds.
• (8.3.1.0) - Ping IPSLA can now be directed into a 3rd party IPSec or GRE tunnel.
• (8.3.1.0) - EC-V now supports up to 32 interfaces along with auto-mac configuration.
• (8.3.1.0) - IPv6 DHCP is now supported on WAN interfaces.
• (8.3.1.0) - The internet breakout feature has been enhanced, enabling selection of the best quality internet link for local break-out based on user-defined criteria. 
• (8.3.2.0) - Secure WebSocket Connection to Orchestrator
• (8.3.2.0) - Multiple Ranges for DHCP Server
• (8.3.2.0) - Custom Tags in YAML Preconfig
• (8.3.2.1) - API Support for Route Redistribution Templates
 

  • VXOA 8.2

• Branch NAT
• Multi-Region Subnet Sharing
• IPSec Service Chaining IKEv2
• BGP over IPSec
• Multicast GUI Support
• BGP Configuration of Source Address
• (8.2.1) - Route Filtering
• (8.2.1) - IPFIX Enhancements
• (8.2.1) - LAN-side VTI
• (8.2.1) - Dead Peer Detection (DPD) for IPSec Service Chaining
• (8.2.1) - Application Inference Engine

  • VXOA 8.1 

• Enhanced Application Visibility
• BGP Routing
• Interface bonding on 10Gbps ports
• IPv6 UDP, GRE and IPSec tunnels
• SHA-2 Hash for IPSec
• Extended DHCP Server Options
• SNMPv3 Enhancements
• Custom HTTPS certificate support for appliance management
• Flow redirection on any configured physical interface
• Return passthrough traffic to L2 sender
• (8.1.3) Fine grained control of management traffic
• (8.1.4) DNS Application Classification Enhancement
• (8.1.4) Internet Breakout with Stateful Firewall and NAT
• (8.1.5) IP SLA tracking
• (8.1.5) PPPoE Interfaces
• (8.1.5) Redesigned Configuration > Interfaces page
• (8.1.5) Improved Application Classification by Port
• (8.1.5) Per-Flow Maximum Rate Control
• (8.1.5.3) EC-US Appliance Support
• (8.1.5.3) Modified High Efficiency Bonding
• (8.1.6) Edge High Availability
• (8.1.6) IPSec UDP Overlays (IKEless tunnels)
• (8.1.6) Mini License (supports up to 50 Mbps)
• (8.1.6) Configurable BGP Parameters (Local Preference, MED (Multi-Exit Discriminator), AS Prepend Count, Keep Alive Timer, Hold Timer)
• (8.1.6) Configurable Interface for SAAS Probes
• (8.1.7) IPv6 Support for Inline Router Mode
• (8.1.7) BGP Enhancements (Soft reset, Input Metric, Communities)
• (8.1.7) Inbound Port Forwarding
• (8.1.7) Shaper Enhancements (Rebalance)
• (8.1.7) TCP MSS Clamping for Internet Breakout
• (8.1.7) Flow Redirection on WAN Interfaces
• (8.1.7) TCP Acceleration for IPv6
• (8.1.7) Cloud-Init Support
• (8.1.7) OSPF (Beta)
• (8.1.8) Zone Based Firewall
• (8.1.8) 3rd party IPSec Tunnels
• (8.1.8) IPFIX
• (8.1.8) IP SLA Enhancements
• (8.1.9) Multicast (Sparse Mode on MPLS only via CLI)
• (8.1.9) ACL match for IP Address by allowing ranges and wildcards
• (8.1.9) Application Inference Engine
• (8.1.9) User-defined SaaS applications and configuration of SaaS optimization probe interface via labels
• (8.1.9) Displays built-in policies via "Support > User Documentation > Built-in Policies"
• (8.1.9) Inbound port forwarding enhancement to allow in-bound WAN packets to pass un-modified (not translated) to the LAN
• (8.1.9) SSL optimization now supports ECDHE named curve 29
• (8.1.9) MOS Estimation
• (8.1.9.1) DNS Application Classification Enhancement
• (8.1.9.1) SSL optimization now supports ECDHE ECDSA with AES 256 GCM SHA384
• (8.1.9.1) Protection from Port Scanning
• (8.1.9.1) “Fail Open” in Bridge Mode
• (8.1.9.1) ATA Secure Erase
• (8.1.9.1) Disabling Support for OSPF Opaque LSAs
• (8.1.9.1) Support for Multiple LANside Interfaces in the Same Subnet
• (8.1.9.1) “Comments” Field for Configuration > Deployment
• (8.1.9.1) "Find Preferred Route" in Configuration > Routes
• (8.1.9.1) Support for additional hardware appliances: EC-L-B, EC-XL-B, EC-L-B-NM, EC-XL-B-NM, EC-L-P, EC-XL-P, EC-L-P-NM, EC-XL-P-NM
• (8.1.9.1) Support for the Orchestrator Boost report
• (8.1.9.3) BGP Graceful Restart
• (8.1.9.4) Admin Distance Enhancements and new defaults (for new installations): Subnet-shared static = 10, Subnet-shared-BGP = 15, Subnet-shared-OSPF = 15, EBGP = 20, IBGP = 200, OSPF = 110
• (8.1.9.4) Port forwarding now supports protocol wildcard specifier “any”
• (8.1.9.4) AS Path Propagate
• (8.1.9.4) BGP Next-Hop Self
• (8.1.9.4) Multi-hop BGP
• (8.1.9.4) Zscaler Orchestration
• (8.1.9.5) USB ZTP Configuration
• (8.1.9.5) Loopback Interfaces and VTI Interfaces (VTI not supported until 8.2.0)
• (8.1.9.5) Zone Based Firewall Flow Logging
• (8.1.9.5) Support for Multiple DHCP Relay Agents
• (8.1.9.5) DNS Proxy
  

  • VXOA 8.0 

• Business Intent Overlays
• Deployment Profiles
• Packet-Based Dynamic Path Control (DPC) or Bonded Tunnels
• Built-in DHCP server and relay
• Inbound QoS
• Support for IPv6 PBR deployments
• (8.0.3) - Support for additional hardware appliance part numbers

  • VXOA 7.3 

• Support for the Unity EdgeConnect XS and V.
• Current Flows tab can report on flows that are experiencing slow LAN-side performance.
• Reset non-accelerated TCP connections.
• DRC configuration now available on web interface: Configuration > Shaper
• (7.3.1) - Support for the Unity EdgeConnect L, XL
• (7.3.2) - Support for the Unity EdgeConnect S
• (7.3.3) - Fast fail (sub-second failover) for Dynamic Path Control (DPC)
• (7.3.3) - Support for the Unity EdgeConnect M




Features by GMS/Orchestrator Software Release


  • Orchestrator 9.0

• Increased Retention for New Daily Stats, now 3 months.
• Advanced Segmentation (VRF)
• YAML Preconfig Support for Routing Segmentation
• YAML Preconfig Supports Custom Tags
• Secure Shell Access
• SAML 2.0 Integration
• Enhanced Authentication Between Orchestrator and Cloud Portal
• Allowed External IPs in Cloud Orchestrator
• Live Troubleshooting for Down Tunnels
• (9.0.3) Routes Template Enhancements
• (9.0.3) Multiple Ranges for DHCP Server
• (9.0.3) Zone Orchestration for AWS TGNM and Azure
• (9.0.3) Appliance CPU Usage Charts
• (9.0.3) Updates to BGP Template
• (9.0.3) Added Details for Cleared and Acknowledged Alarms
• (9.0.3) Peer-based Subnet Sharing Metric
• (9.0.3) Increased Retention for new Daily Stats, now 3 months
• (9.0.4) Support for Link Aggregation
• (9.0.4) NSSA Support in OSPF
• (9.0.4) Source Interface Configuration for DNS
• (9.0.4) Configurable Confidence Value for Address Map Definitions
• (9.0.4) Custom CA Certificate Trust Store
• (9.0.4) Route Map Enhancements

  • Orchestrator 8.10

• Intelligent Upgrades
• (8.10.10) - Support for Zscaler Sub-Locations
• (8.10.10) - Integration with AWS Transit Gateway Network Manager (TGNM)
• (8.10.10) - New Route Redistribution Map Template
• (8.10.11) - Allowed External IPs in Cloud Orchestrator
• (8.10.12) IP SLA Enhancement
• (8.10.15) DSCP Marking per Interface
• (8.10.15) Disable Cloud Portal Data Collection
• (8.10.15) Three-step OIDC Authorization for JWT
• (8.10.15) Peer-based Subnet Sharing Metric
• (8.10.15) Improvements in Zscaler ZEN Discovery
• (8.10.15) Enhanced Authentication Between Orchestrator and Cloud Portal

  • Orchestrator 8.9

• IKE-less Seed Distribution (to address CVE-2020-12142)
• Portal Migration Wizard The Orchestrator
• Auto-prune Tunnels from Removed Appliances
• Improved Response Times for Top ‘X’ Charts
• Support for New Alarm: Insufficient Bandwidth for Tunnels
• OAuth 2.0 Support for Identity Access Management (IAM)
• (8.9.2) - Disable Self-signed Certificates (to address CVE-2020-12143 and CVE-2020-12144)
• (8.9.2) - Loopback Orchestration
• (8.9.10) - Improvements in IPSec UDP Key Material Defaults and Configuration
• (8.9.10) - Default RBAC Role for Full Appliance Access
• (8.9.10) - JSON Web Token (JWT) Authentication
• (8.9.10) - WebSocket API option for Remote Log Receiver
• (8.9.10) - Aggregate Shaper Stats
• (8.9.10) - New Routes and Route Map Templates

  • Orchestrator 8.8

• PPPoE in preconfiguration
• Loopback & VTI in preconfig
• IKEv2 enhancements
• Reset flows confirmation
• BGP ASN and Local communities
• Maintenance Mode
• Notification Banner
• Tunnels to Hubs in other region
• DHCP Failover
• Bandwidth tier licensing
• (8.8.3) IPFIX UI Enhancements
• (8.8.3) Increased Capacity for Inbound Port Forwarding Rules, up to 100
• (8.8.3) Route Map Enhancements
• (8.8.3) Microsoft Virtual WAN Orchestration (beta)
• (8.8.3) Zscaler Orchestration to support load balancing of IPSec tunnels and support for new geo-location APIs
• (8.8.3) Check Point Integration

  • Orchestrator 8.7

• Branch NAT
• DHCP relay per VLAN
• Source address for BGP
• ACL Policy enhancement
• Display peer role (hub/spoke) in routes
• Added capability to configure the logging level for implicit firewall drop between zones.
• Loopback interfaces in Appliance Wizard
• VTI and Loopback Interfaces
• Redesigned BIO and regional overlays
• Realtime updates from Microsoft Office 365
• Role based access
• Alarm Suppression
• TACACS and RADIUS enhancements. Support “Remote only” and “Local if Remote Unavailable”

  • Orchestrator 8.6

• Multicast routing
• Firewall rule logging
• Tech Support - Orchestrator tab improvement. Files can now be downloaded to the Orchestrator first
• Routes Tab Filter
• Flows tab improvements - new filters: Overlay and Transport filters, Flow characteristics, Duration filters, Include built-in and HA, and various other checkboxes
• Zscaler Orchestration
• Support Any Protocol in Inbound Port Forwarding
• Verify Email Address optional if Orchestrator is configured with a custom SMTP server
• Regions Tab
• License revocation and grant support for metered license model
• Firewall logging for Security Policies

  • Orchestrator 8.5

• Orchestrator has been redesigned to handle large networks.
• MOS Statistics
• Define Custom severity for Alarms
• Delay Alarm Emails
• Backup Orchestrator to HTTPS or SFTP servers as well as FTP, HTTP and SCP
• Pre-Configuration using YAML files in Orchestrator before Zero Touch Provisioning occurs.
• HTTP/HTTPS IPSLA ping monitors
• IPFIX support
• Wild Card Based prefix Matching in Policies
• Block Network Orchestration via Cloud Portal
• Preconfiguration
• Allow ECDSA certificates for SaaS
• Health map sorting
• 'Find Preferred Route' dialog available when editing Configuration > Routes
• Configurable Statistics Retention
• Overlapping LAN side subnets
• Support IPv6 internal subnets on the Business Intent Overlay page
• Configurable tunnel alarm aggregation
• Notes for interfaces on Deployment page
• Boost Trends report
• Software Versions tab redesigned
• Preconfiguration Passthrough Tunnels and Flow Redirection
• IP Directed Broadcast available in templates
• Nonaccelerated TCP Inactivity Timeout available in System template
• New route states that indicate peer’s role as Hub or Spoke
• BGP Graceful restart
• Zone based Firewall Statistics
• Suppress Tunnel creation using Tunnel Exceptions tab
• (8.5.2) Orchestration ETA progress and prioritization

  • Orchestrator 8.4

• Overlay ACL
• Maximum Orchestrator backups to retain now configurable
• RMA Wizard
• Upgrade appliances via Configuration Wizard
• Tree filters
• Transceiver information for EC-M-B and EC-M-P models SFP interfaces
• Admin up/down datapath interfaces
• Account key protection
• IP/Port wildcard pattern match
• IPFIX Flow Export
• IPSLA HTTP Ping
• Enable / Disable Default DNS Lookup
• Auto-MTU Discovery Scheduler
• Interface Dynamic Rate Control
• Compound Applications
• IPSec Pass-Through Tunnels

  • Orchestrator 8.3

• Overlay Region Support
• Orchestration of Templates (Groups)
• Inbound Port Forwarding Orchestration
• Cross Connect Grouping
• (8.3.3) OSPF support
• (8.3.3) Interface Bandwidth Summary report
• (8.3.3) Orchestrator in-place upgrade (no revert to previous Orch version from this point on)
• (8.3.3) Appliance Flow Trends tab enhancements
• (8.3.3) Authentication protocols for TACACS and RADIUS
• (8.3.3) Alarms in CSV format
• (8.3.3) CLI shell from UI
• (8.3.3) Remote assistance
• (8.3.3) TCP MSS clamping
• (8.3.6) Unreachable appliances are now shown grey in the tree
• (8.3.6) Network Manager role deprecated
• (8.3.6) SaaS ping interface configurable
• (8.3.6) Configurable VLAN for Edge HA
• (8.3.6) Pause Orchestration

  • Orchestrator 8.2

• IPSec UDP overlays
• Packets per second trends tab
• Tech Support improvements (appliance and Orchestrator tabs)
• Orchestrator system dump
• Application Visibility and Classification (AVC)
• EdgeConnect High Availability (HA) Support
• Controlling statistics collection
• IP Whitelist

  • Orchestrator 8.1

• Improved Health Dashboard
• Dynamic Topology Geomap
• Live View
• Traceroute support in the GUI
• Policy maps enhancements
• BGP support
• Flow tab enhancement
• Top Talkers, domains, countries and ports
• Tunnel Bandwidth, DSCP, Jitter and Traffic Class Pie Charts
• Appliance Flow, DSCP, QoS and Jitter Trends
• Scheduled reports improvements
• HTTPS Certificates Upload template
• Custom SSL certificate for Orchestrator UI
• Geo location support for Discovered Appliances tab
• Deployment configuration tab improvements
• DHCP leases by appliance
• Built-in applications
• Overlay Manager controls
• Overlay boost button improvement

  • Orchestrator 8.0

• Health Dashboard
• Deployment Profiles
• Overlay Topology
• Tunnel charts per overlay
• Labels (VXOA 8.0)
• Tunnel Groups replace Tunnel Builder (VXOA 6.2.11)
• Shaper, policy and ACL template support (VXOA 8.0)
• Registration removed from Cloud Portal template (VXOA 7.0)
• VRRP Template (VXOA 6.2.11)
• Tunnel templates now support fast fail threshold (VXOA 7.3.3)
• New Shaper report (VXOA 8.0)
• Consolidated Audit Log tab
• Appliance Configuration backup (VXOA 6.2.11)
• New Deployment report
• Bulk import subnets from .csv now supported

  • Orchestrator 7.3 (EoL)

• Appliance discovery (VXOA 6.2.11)
• Tunnel summary report
• Scheduled group reboot/shutdown
• Scheduled group QoS map activation
• SMTP settings dialog
• Scheduled timezone dialog
• Third party licenses page
• Silver Peak appliances licenses page
• Cloud Portal registration template (VXOA 7.2)
• SaaS Optimization template (VXOA 7.2)
• CLI template (VXOA 6.2.11)

  • GMS 7.2 (EoL)

• HTML email reports (VXOA 6.2)
• Appliance discovery (VXOA 6.2.10)
• Alarms via email
• Time based QoS (VXOA 6.2)
• GMS Backup
• Historical Jobs
• VMware vROps Integration (VXOA 6.2.10)
• New charts added
• New templates added
• New configuration reports added
• REST API

